main/xz: segfault on corrupted(?) archive
Running on Alpine edge; only reproducible sometimes, but both with xz-5.4.4-r0 and after rebuilding (to add debug symbols).
backtrace:
Core was generated by `unxz --threads=0 -c /var/cache/distfiles/firefox-118.0.2.tar.xz'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 memcpy () at src/string/x86_64/memcpy.s:18
18 src/string/x86_64/memcpy.s: No such file or directory.
[Current thread is 1 (LWP 21161)]
(gdb) bt full
#0 memcpy () at src/string/x86_64/memcpy.s:18
No locals.
#1 0x00007f41bb08c9a0 in memcpy (__n=8192, __os=0x7f41bb162e88, __od=<optimized out>)
at /usr/include/fortify/string.h:55
__bd = 18446744073709551615
__bs = 18446744073709551615
__d = <optimized out>
__s = 0x7f41bb162e88 "\220\340j\235A\177"
__bd = <optimized out>
__bs = <optimized out>
__d = <optimized out>
__s = <optimized out>
#2 lzma_bufcpy (
in=in@entry=0x5611329f6360 <in_buf> "w\305ѓ\261\222\213\025Y\264Jȏ\036\345\3141\232\255/\370u+.i\213\376`\310\374~\034*\255\342\3550\250\001\366\362\232\342ҫ)\361SH\263\245gh\f\2751\270\203w\271~M=\214\025\206\023\244A/m\200=J\325>\244\241\004\305#\370\025\232F\274\252G9\353\n\332\034I\005j\232KZ\210\236\360x\025\f\177\242\031䝝\206\026\314t\363\221\200\025K\023\252셅\274\020\3457_\177", in_pos=in_pos@entry=0x7ffc77c9a158, in_size=in_size@entry=8192,
out=<optimized out>, out_pos=out_pos@entry=0x7ffc77c99fa0, out_size=<optimized out>)
at common/common.c:106
in_avail = 8192
out_avail = <optimized out>
copy_size = 8192
#3 0x00007f41bb09df5f in stream_decode_mt (coder_ptr=0x7f41bb0bf0a0, allocator=0x0,
in=0x5611329f6360 <in_buf> "w\305ѓ\261\222\213\025Y\264Jȏ\036\345\3141\232\255/\370u+.i\213\376`\310\374~\034*\255\342\3550\250\001\366\362\232\342ҫ)\361SH\263\245gh\f\2751\270\203w\271~M=\214\025\206\023\244A/m\200=J\325>\244\241\004\305#\370\025\232F\274\252G9\353\n\332\034I\005j\232KZ\210\236\360x\025\f\177\242\031䝝\206\026\314t\363\221\200\025K\023\252셅\274\020\3457_\177", in_pos=0x7ffc77c9a158, in_size=8192,
out=0x5611329f4360 <out_buf> ")\n );\n });\n },\n [\n [\"dom.serviceWorkers.exemptFromPerDomainMax\", true],\n [\"dom.ipc.processCount\", 1],\n [\"dom.serviceWorkers.enabled\", true],\n [\"dom.serviceWorkers.testing.enabled"..., out_pos=0x7ffc77c9a160,
out_size=8192, action=LZMA_RUN) at common/stream_decoder_mt.c:1534
cur_in_filled = 39108272
coder = 0x7f41bb0bf0a0
wait_abs = {tv_sec = 140722318189160, tv_nsec = 12884901888}
has_blocked = false
waiting_allowed = false
#4 0x00007f41bb08cd4b in lzma_code (strm=strm@entry=0x5611329f83c0 <strm>,
action=action@entry=LZMA_RUN) at common/common.c:286
in_pos = 0
out_pos = 0
ret = <optimized out>
#5 0x00005611329e56a4 in coder_normal (pair=0x5611329f8460 <pair>) at coder.c:872
action = LZMA_RUN
ret = <optimized out>
success = false
next_block_remaining = 0
block_remaining = 18446744073709551615
list_pos = 0
action = <optimized out>
ret = <optimized out>
success = <optimized out>
block_remaining = <optimized out>
next_block_remaining = <optimized out>
list_pos = <optimized out>
stop = <optimized out>
#6 coder_run (filename=<optimized out>) at coder.c:1086
is_passthru = false
in_size = <optimized out>
init_ret = <optimized out>
pair = 0x5611329f8460 <pair>
success = false
#7 0x00005611329e3774 in main (argc=<optimized out>, argv=<optimized out>) at main.c:282
i = 0
args = {arg_names = 0x7ffc77c9a280, arg_count = 1, files_name = 0x0,
files_file = 0x0, files_delim = 0 '\000'}
run = 0x5611329e5420 <coder_run>
es = <optimized out>
reprod:
- download https://ftp.mozilla.org/pub/firefox/releases/118.0.2/source/firefox-118.0.2.source.tar.xz
- corrupt it slightly:
printf '\xfb' | dd of=firefox-118.0.2.tar.xz bs=1 seek=27241578 count=1 conv=notrunc
printf '\xf5' | dd of=firefox-118.0.2.tar.xz bs=1 seek=27242146 count=1 conv=notrunc
printf '\x22' | dd of=firefox-118.0.2.tar.xz bs=1 seek=487985722 count=1 conv=notrunc
- try to abuild unpack
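A small triage helper for the procedure above, added here as an example and not part of the original report or of xz. It writes the three byte flips from the dd commands into a copy of the archive (refusing offsets past the end of the file, where dd would silently extend it), then runs unxz single-threaded and with --threads=0 on the corrupted copy and reports whether each run ended with a normal exit status or died from a signal, which is the distinction that matters when deciding whether a "corrupt archive" problem is a decoder memory-safety bug. The input path, the ".corrupted" suffix and the repeat count are assumptions of this script.

```python
#!/usr/bin/env python3
"""Reproduce the byte corruption from the report on a copy of an archive and
classify how unxz terminates on it. Added example, not code from the report."""
import shutil
import signal
import subprocess
import sys

# (offset, byte) pairs exactly as in the dd commands of the report.
PATCHES = [
    (27241578, 0xFB),
    (27242146, 0xF5),
    (487985722, 0x22),
]

# The report says the crash is only reproducible sometimes, so the threaded
# decoder is exercised several times. Assumed value, not from the report.
REPEATS = 5


def apply_patches(data: bytes, patches) -> bytes:
    """Return a copy of `data` with each (offset, value) written in place.

    Equivalent to `dd bs=1 seek=OFF count=1 conv=notrunc`, except that an
    offset beyond the end of the data raises instead of growing the file.
    """
    buf = bytearray(data)
    for offset, value in patches:
        if not 0 <= offset < len(buf):
            raise ValueError(f"offset {offset} is outside a {len(buf)}-byte file")
        buf[offset] = value
    return bytes(buf)


def classify_exit(returncode: int) -> str:
    """Map a subprocess return code to a triage bucket.

    subprocess reports death by signal as a negative return code, so a
    SIGSEGV like the one in the backtrace shows up as "signal:SIGSEGV";
    xz's own "Compressed data is corrupt" path ends in a positive exit code.
    """
    if returncode == 0:
        return "ok"
    if returncode < 0:
        return "signal:" + signal.Signals(-returncode).name
    return f"exit:{returncode}"


def run_unxz(path: str, threads: str) -> str:
    """Decompress `path` to nowhere with the given --threads value."""
    proc = subprocess.run(
        ["unxz", f"--threads={threads}", "-c", path],
        stdout=subprocess.DEVNULL,
        stderr=subprocess.PIPE,
    )
    return classify_exit(proc.returncode)


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} firefox-118.0.2.source.tar.xz", file=sys.stderr)
        return 2
    src = argv[1]
    dst = src + ".corrupted"  # assumed naming; the original is left untouched
    with open(src, "rb") as f:
        corrupted = apply_patches(f.read(), PATCHES)
    with open(dst, "wb") as f:
        f.write(corrupted)
    print("wrote", dst)
    if shutil.which("unxz") is None:
        print("unxz not found on PATH; run it manually on the corrupted copy")
        return 0
    # Single-threaded decoder first, then the threaded path from the trace.
    print("-T1:", run_unxz(dst, "1"))
    for i in range(REPEATS):
        print(f"-T0 run {i + 1}:", run_unxz(dst, "0"))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A corrupt member should produce a diagnostic and a non-zero exit status from xz in every run; any "signal:" result, especially one that appears only with --threads=0 and not with -T1, points at the multithreaded stream decoder seen in frame #3 of the backtrace rather than at the archive itself.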